Lucene search
K

7 matches found

0day.today
0day.today
added 2023/04/05 12:0 a.m.182 views

Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to XSS Vulnerability

Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...

4.3CVSS5.3AI score0.02179EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/05 12:0 a.m.172 views

Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)

Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Date: 2022-05-25 Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...

4.3CVSS5AI score0.02179EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.246 views

Calendar Event Multi View 1.4.07 Cross Site Scripting

Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Date: 2022-05-25 Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...

4.3CVSS5.1AI score0.02179EPSS
Exploits5
OSV
OSV
added 2022/08/16 7:15 p.m.2 views

CVE-2022-2846

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...

4.3CVSS5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/08/16 12:0 a.m.4 views

CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...

4.9AI score0.02179EPSS
Exploits5References2
Cvelist
Cvelist
added 2022/08/16 12:0 a.m.22 views

CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...

4.9AI score0.02179EPSS
Exploits5References2
CVE
CVE
added 2022/08/16 12:0 a.m.72 views

CVE-2022-2846

The CVE-2022-2846 concerns the Calendar Event Multi View WordPress plugin prior to version 1.4.07. Root cause: missing authorization, CSRF protections, and insufficient sanitisation/escaping in event creation fields. Impact: unauthenticated attackers can create arbitrary events and inject Cross-S...

4.3CVSS4.5AI score0.02179EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder